Detalhes

Limit password attempts to count attempts per seconds per IP per username.

$wgMainCacheType must be set to something other than CACHE_NONE for this setting to work.

To disable, put the following in LocalSettings.php:

$wgPasswordAttemptThrottle=false;

MediaWiki version:

≥ 1.27

Multiple thresholds can be added.
They will all be tested separately.

Default value

MediaWiki version:

≥ 1.27

/** * Limit password attempts to X attempts per Y seconds per IP per account. * * Value is an array of arrays. Each sub-array must have a key for count * (ie count of how many attempts before throttle) and a key for seconds. * If the key 'allIPs' (case sensitive) is present, then the limit is * just per account instead of per IP per account. * * @since 1.27 allIps support and multiple limits added in 1.27. Prior * to 1.27 this only supported having a single throttle. * @warning Requires $wgMainCacheType to be enabled */$wgPasswordAttemptThrottle=[// Short term limit['count'=>5,'seconds'=>300],// Long term limit. We need to balance the risk// of somebody using this as a DoS attack to lock someone// out of their account, and someone doing a brute force attack.['count'=>150,'seconds'=>60*60*48],];